Blockchain-based certifications
Blockchain technology, known for its transformative role in finance, is breaking new ground in the realm of education. Traditionally seen as a foundation for cryptocurrencies, blockchain’s potential extends far beyond just a secure transaction ledger. At the University of Nicosia, we have embraced this revolutionary technology to reimagine how academic achievements are recorded, shared, and verified.
The introduction of blockchain into the world of academic credentialing marks a paradigm shift. Far from its roots in financial transactions, and specifically for the use-case of verifiable academic credentials, blockchain serves as a decentralized, permanent, and unalterable repository of academic achievements. The applicability of the technology to education indicates blockchain’s versatility and its capacity to ensure trust, and transparency in systems beyond the financial sector.
Introducing
Digital Academic Certificates on Blockchain
In an increasingly digital age, the concept of academic certificates has evolved. The University of Nicosia proudly leads this change by leveraging blockchain to issue digital academic certificates. These are not mere digital replicas of traditional paper diplomas or professional certificates; they are advanced, secure, and verifiable credentials stored on the blockchain.
In brief, the issuance process involves cryptographic signing and hashing, for recording these certificates on the blockchain. This not only ensures their authenticity but also allows for instant verification of their validity, without the need to contact or involve the issuing institution, during the verification process.
This pioneering approach places the University of Nicosia at the forefront of educational innovation, harnessing the power of blockchain to provide students with secure, verifiable, and tamper-proof academic credentials.
BTC-based Certificates
The Process of Creating and Issuing Blockchain Certificates
Creating and issuing a digital certificate is relatively simple with blockchain: a digital PDF file is created which contains some basic information such as the student name, degree name, year of graduation, name of the university, an issue date, etc. Then the contents of the certificate are signed using a private key to which only the institution has access, and will append that signature to the certificate itself. Next, a document hash using SHA-256 algorithm is created which can be used to verify that nobody has tampered with the content of the certificate. Finally, private key is used again to create a transaction that anchor the hash of that record on the blockchain; which means that a certain certificate is issued on a certain date, with proof of its validity. This makes it possible to verify who a certificate was issued to, by whom, and validate the content of the certificate itself.
The University of Nicosia’s Milestone
The University of Nicosia has become the first university in the world to issue academic certificates whose validity, and authenticity can be verified through the Bitcoin blockchain. These certificates are being issued since 2015 to students who successfully completed or participated in DFIN-511 (Introduction to Digital Currencies), which is the first Massive Open Online Course (MOOC) offered by a university on the topic of cryptocurrency. Since 2017, UNIC started to issue all university diplomas on the Bitcoin blockchain using its own technology, which is developed as open source and has already been adopted by other universities and certificate issuers around the globe. For example, the British University in Dubai’s (BUiD) graduating batch of 2017 was the first in the country and third in the world to receive a self-verifiable blockchain certificate issued using the protocol developed by the University of Nicosia.
Purpose and Functionality
The University of Nicosia’s protocol for issuing and revoking digital certificates on public blockchains is an important contribution to on-chain academic credential management. Designed with both security and accessibility in mind, our approach redefines the issuance and verification of academic certificates. The core functionality of our platform and protocol is centred on creating digitally verifiable certificates that are both easily accessible and highly secure. Personal data are kept on the certificate itself (along with other metadata) where a digital fingerprint (i.e., the hash) of the certificate object is stored on-chain.
Leveraging Bitcoin’s OP_RETURN for Data Storage
Our protocol utilizes Bitcoin’s OP_RETURN operator. This feature of the Bitcoin blockchain allows for the inclusion of a small amount of arbitrary data — in this case, information pertinent to academic certificates. By utilizing OP_RETURN, we embed a unique document hash of each certificate directly onto the Bitcoin blockchain. This method ensures that the integrity of each certificate is permanently recorded and publicly verifiable. More specifically, and to enable issuances in batches our protocol enables the issuance of thousands of credentials by hashing them together using a Merkle tree data structure.
Overview of Processes
Creating Credentials
The creation of verifiable credentials begins with the generation of a digital certificate in a PDF format. This document contains essential details such as the student’s name, degree, graduation year, and issuing institution. These details are attached to the PDF as additional metadata and are kept off-chain attached to the PDF object itself (metadata can only be programmatically retrieved). The certificate is then cryptographically signed using a private key, ensuring that it is uniquely tied to the issuing authority.
Issuing Credentials
Once a certificate is created, it is issued by recording its hash on the blockchain. A hash function is used to derive the message digest (aka the hash) of the PDF object. Then, and for performing a batch issuance, hashes of each object are hashed together in a Merkle tree structure, leading to the creation of a Merkle root. This root represents all the credentials, and even a minor alteration in any certificate changes this root completely.
The issuance process concludes with creating a Bitcoin transaction incorporating the OP_RETURN operator with the Merkle root as part of the data. This transaction is sent to a Bitcoin node, and upon confirmation, it gets securely stored in the blockchain. This is the immutable and publicly verifiable proof needed to ensure that the credentials are not only secure and tamper-proof but also verifiable independently by anyone.
Post-issuance, additional information that proves that the credential has been issued on-chain is added as part of the metadata of each PDF object; establishing proof that it was issued on the blockchain.
This includes the Merkle proof, the Merkle root, and the transaction identifier (TxID). This process takes place after a successful issuance since only then we are able to know the TxID. T
The additional metadata are added in a deterministic manner, in such a way that removing them will revert the PDF to its original state; as it was when initially generated during the credential creation process. This is essential for the validation process.
Revoking Credentials
While the original record on the blockchain cannot be altered (maintaining the integrity and immutability of the ledger), we can issue a new transaction to indicate the revocation of a specific certificate. In doing so, a meta-protocol, named Blockchain
Document Issuing Protocol (BDIP) has been proposed to ensure that the status of any credential can be accurately verified at any time.
Technical Deep Dive
For those interested in a more technical exploration of our platform and protocols, we provide detailed explanations of each operation – from creation and issuance to revocation of credentials. These details delve into the cryptographic techniques employed, the specifics of the Bitcoin blockchain interactions, and the overall architecture of our platform and protocol (including details of the BDIP protocol proposed as a solution to revocation).
GitHub Resources (License: MIT License)
Blockchain Certificates (main repo)
Methodology for creating PDF certificates (sample)
Methodology for issuing certificates (sample)
Revoking certificates (CRED Protocol)
We invite you to explore these resources for a comprehensive understanding of the technological innovation behind our blockchain-based academic credentialing system.
Continuing
Innovation
Moving forward from our BTC-based approach, our exploration has extended into the use of non-fungible tokens (NFTs) to address challenges in credentialing issuance and verification. Notably, in 2022, we launched META-511: an innovative, open-access course on NFTs and the Metaverse, uniquely conducted within the metaverse and utilizing on-chain technology. Additionally, we have pioneered the issuance of Generative art NFT certificates for this course. These certificates, hosted on-chain, offer a personalized approach to digital credentialing, reflecting our ongoing commitment to technological innovation in education.
Publications
Revoking Records in an Immutable Ledger: A Platform for Issuing and Revoking Official Documents on Public Blockchains
K. Karasavvas, “Revoking Records in an Immutable Ledger: A Platform for Issuing and Revoking Official Documents on Public Blockchains,” 2018 Crypto Valley Conference on Blockchain Technology (CVCBT), Zug, Switzerland, 2018, pp. 105-111, doi: 10.1109/CVCBT.2018.00019.